This document is an excerpt from the EUR-Lex website
Document 52018AE2737
Opinion of the European Economic and Social Committee on ‘Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters’ (COM(2018) 225 final — 2018/0108(COD)) — ‘Proposal for a Directive of the European Parliament and of the Council laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings’ (COM(2018) 226 final — 2018/0107(COD))
Opinion of the European Economic and Social Committee on ‘Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters’ (COM(2018) 225 final — 2018/0108(COD)) — ‘Proposal for a Directive of the European Parliament and of the Council laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings’ (COM(2018) 226 final — 2018/0107(COD))
Opinion of the European Economic and Social Committee on ‘Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters’ (COM(2018) 225 final — 2018/0108(COD)) — ‘Proposal for a Directive of the European Parliament and of the Council laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings’ (COM(2018) 226 final — 2018/0107(COD))
EESC 2018/02737
IO C 367, 10.10.2018, p. 88–92
(BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
10.10.2018 |
EN |
Official Journal of the European Union |
C 367/88 |
Opinion of the European Economic and Social Committee on ‘Proposal for a Regulation of the European Parliament and of the Council on European Production and Preservation Orders for electronic evidence in criminal matters’
(COM(2018) 225 final — 2018/0108(COD))
‘Proposal for a Directive of the European Parliament and of the Council laying down harmonised rules on the appointment of legal representatives for the purpose of gathering evidence in criminal proceedings’
(COM(2018) 226 final — 2018/0107(COD))
(2018/C 367/17)
Rapporteur-general:
Christian BÄUMLER
Consultation |
European Parliament, 31.5.2018 |
Legal basis |
Article 82(1) of the Treaty on the Functioning of the European Union |
Section responsible |
Section for Employment, Social Affairs and Citizenship |
Bureau decision |
22.5.2018 |
Adopted at plenary |
12.7.2018 |
Plenary session No |
536 |
Outcome of vote (for/against/abstentions) |
157/2/0 |
1. Conclusions and recommendations
1.1. |
The EESC considers the growing use of information services as a challenge for law enforcement. There is currently a lack of reliable cooperation with service providers and a lack of transparency; legal uncertainty also surrounds jurisdiction for investigative measures. |
1.2. |
The EESC welcomes the fact that the proposal for a Regulation on European Production and Preservation Orders for electronic evidence introduces binding European instruments for securing and accessing data. |
1.3. |
The EESC welcomes the fact that the European Production Order and the European Preservation Order are investigative measures that can be issued only in criminal investigations or criminal proceedings for concrete criminal offences. |
1.4. |
The EESC welcomes the fact that the European Production Order will only be used for more serious crimes. The EESC notes that this objective would be better achieved by using a minimum three-month penalty as a guideline rather than a maximum three-year penalty. |
1.5. |
The EESC underlines the fact that this Regulation must respect fundamental rights and observe the principles recognised in particular by the Charter of Fundamental Rights of the European Union and the Member States’ constitutions. |
1.6. |
The EESC points out that there are often different answers at national level to questions relating to the conditions for access to data during criminal proceedings and who decides on this access. The EESC supports the development of Europe-wide uniform standards regarding the conditions for access to data. |
1.7. |
The EESC welcomes the fact that both orders need to be issued or confirmed by a judicial authority of a Member State. However, the EESC finds it problematic that a Production Order for subscriber and access data can also be issued by a prosecutor, and advocates extending scrutiny by a judge to the gathering of all personal data. |
1.8. |
Like the Commission, the EESC finds it problematic that third countries could introduce obligations on EU service providers which do not comply with EU fundamental rights. The EESC welcomes the fact that the proposal contains strong safeguards and explicit references to the conditions and safeguards already inherent in the EU acquis. |
1.9. |
The EESC supports the possibility set out in the Commission’s proposal that the legality, necessity or proportionality of a Production Order may be challenged by the addressee and that the immunities and privileges which protect the data sought in the Member State of the service provider must be respected by the issuing state. |
1.10. |
The EESC welcomes the fact that the Commission proposal makes it mandatory for service providers to designate a legal representative in the Union to receive, comply with and enforce decisions aimed at gathering evidence. |
1.11. |
The EESC considers that service providers should have the right to reimbursement of costs in all cases where this is provided for in the law of the issuing state. |
2. Context of the proposal
2.1. |
More than half of all criminal investigations today include a cross-border request for access to electronic evidence such as text messages, emails or messaging apps. Therefore, the Commission is putting forward new rules intended to enable police and judicial authorities to gain easier and faster access to the electronic evidence they consider necessary for their investigations in order to arrest and convict criminals and terrorists. |
2.2. |
In 2016, the Council (1) called for concrete action based on a common EU approach to make mutual legal assistance more efficient; to improve cooperation between Member State authorities and service providers based in non-EU countries; and to propose solutions to determining jurisdiction for investigations in cyberspace, and the parallel issue of jurisdiction for enforcement. |
2.3. |
The European Parliament (2) similarly highlighted the challenges that the currently fragmented legal framework can create for service providers seeking to comply with law enforcement requests. Parliament called for a European legal framework, including safeguards for the rights and freedoms of all concerned. |
2.4. |
For situations where either the evidence or the service provider is located in another country, mechanisms for cooperation between countries were developed several decades ago. Despite regular reforms, these cooperation mechanisms are under increasing pressure from the growing need for timely cross-border access to electronic evidence. In response, a number of Member States and third countries have resorted to expanding their national tools. In the EESC’s view, the resulting fragmentation generates legal uncertainty and conflicting obligations, and raises questions about the protection of fundamental rights and procedural safeguards for persons affected by such requests. |
2.5. |
The EESC perceives the increased use of information services to be a challenge for law enforcement, as the relevant authorities are often ill equipped to deal with evidence online. The lengthy process to obtain evidence is also one of the main obstacles. There is currently a lack of reliable cooperation with service providers and a lack of transparency; legal uncertainty also surrounds jurisdiction for investigative measures. The EESC supports direct cross-border cooperation between law enforcement and digital service providers in criminal investigations. |
2.6. |
The current EU legal framework consists of Union cooperation instruments in criminal matters, such as Directive 2014/41/EU regarding the European Investigation Order in criminal matters (3) (EIO Directive), the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union (4), Council Decision 2002/187/JHA setting up Eurojust (5), Regulation (EU) 2016/794 on Europol (6), and Council Framework Decision 2002/465/JHA on joint investigation teams (7), as well as bilateral agreements between the Union and non-EU countries. |
3. Preservation and Production Orders
3.1. |
The EESC welcomes the fact that the proposal for a Regulation on European Production and Preservation Orders for electronic evidence in criminal matters (COM(2018) 225) introduces binding European instruments for securing and accessing data. Addressees are providers of electronic communication services, social networks, online marketplaces, other hosting service providers and providers of internet infrastructure such as IP address and domain name registries. |
3.2. |
The EIO Directive covers any cross-border investigative measure in the EU. This includes access to electronic evidence, but the EIO Directive does not contain any specific provisions on the cross-border gathering of electronic evidence. The EESC therefore welcomes the fact that the Commission is putting forward new rules to enable police and judicial authorities to gain easier and faster access to electronic evidence. |
3.3. |
The EESC welcomes the fact that the European Production Order and the European Preservation Order are investigative measures that can be issued only in criminal investigations or criminal proceedings for concrete criminal offences. The link to a concrete investigation distinguishes them from preventive measures or data retention obligations set out by law and ensures the application of the procedural rights applicable to criminal proceedings. |
3.4. |
The EESC notes that orders to produce subscriber and access data are to be issued for any criminal offence whilst the order for producing transactional or content data is only to be issued for criminal offences punishable in the issuing state by a custodial sentence of a maximum of at least three years, or for specific crimes which are referred to in the proposal and where there is a specific link to electronic tools and offences covered by the Terrorism Directive (EU) 2017/541. This guideline of a maximum sentence of three years should ensure that the European Production Order for such data will only be used for more serious crimes. The EESC notes that this objective — which is shared by the EESC — would be better achieved by using a minimum three-month penalty as a guideline. |
3.5. |
The legal basis to support action in the area of justice is Article 82(1) of the Treaty on the Functioning of the European Union. Article 82(1) provides that measures may be adopted in accordance with the ordinary legislative procedure to lay down rules and procedures for ensuring recognition throughout the Union of all forms of judgments and judicial decisions. |
3.6. |
The new instruments build on these principles of mutual recognition in order to facilitate the cross-border collection of electronic evidence. An authority in the country where the addressee of the order is located will not have to be involved in serving and executing the order directly. The EESC points out that this may mean EU citizens being subject to having their data accessed by an authority of another EU Member State according to that authority’s rules. |
3.7. |
The EESC underlines the fact that this Regulation must respect fundamental rights and observe the principles recognised in particular by the Charter of Fundamental Rights of the European Union and the Member States’ constitutions. These include the right to liberty and security, the respect for private and family life, the protection of personal data, the freedom to conduct a business, the right to property, the right to an effective remedy and to a fair trial, the presumption of innocence and right of defence, the principles of legality and proportionality, and the right not to be tried or punished twice in criminal proceedings for the same criminal offence. The EESC points out that protecting these rights also depends on the conditions under which these rights may be encroached upon, and who decides on this. |
3.8. |
The EESC points out that there are often different answers at national level to questions relating to the conditions for access to data during criminal proceedings and who decides on this access. The police, the prosecutor or a court may be responsible for accessing data. Differences also arise as to the stage of an investigation procedure and the degree of suspicion that make it legally permissible to access data. The EESC is of the view that Europe-wide uniform standards for when data can be accessed need be developed. |
3.9. |
The EESC welcomes the fact that both orders need to be issued or confirmed by a judicial authority of a Member State. When issuing a European Production or Preservation Order, a judicial authority always needs to be involved as either an issuing or a confirming authority. For orders to produce transactional and content data, a judge or court is required. The Commission proposal would increase the overall level of legal protection in Europe. |
3.10. |
However, the EESC finds it problematic that a Production Order for subscriber and access data can also be issued by a prosecutor, as subscriber and access data is personal data as well, and retrospective legal protection is difficult in cases of data access from other Member States. The EESC advocates extending review by a judge to the collection of all personal data. |
3.11. |
The EESC supports the possibility set out in the Commission’s proposal that the legality, necessity or proportionality of a Production Order may be challenged by the addressee. According to the Commission proposal, the rights under the law of the enforcing state are fully respected by ensuring that the immunities and privileges which protect the data sought in the Member State of the service provider must be complied with by the issuing state. This is especially the case, according to the proposal, where they provide for stronger protection than the law of the issuing state. |
3.12. |
The EESC points out that the order also affects the rights of service providers, in particular the freedom to conduct a business. The EESC welcomes the fact that the proposal includes a right for the service provider to raise certain claims in the issuing Member State, for example if the order has not been issued or confirmed by a judicial authority. If the order is transmitted for enforcement to the enforcing state, the enforcing authority may decide not to recognise or enforce the order if permissible grounds for opposition are apparent, and after consulting with the issuing authority. |
3.13. |
The Commission’s proposal contains a provision under which service providers may claim reimbursement of their costs from the issuing state in accordance with that state’s national law, if this is provided for by the national law of the issuing state for domestic orders in similar domestic cases. The EESC considers that service providers should have the right to reimbursement of costs in all cases where this is provided for in the law of the issuing state. |
4. Conflicting obligations
4.1. |
The EESC, like the Commission, sees a problem in the fact that third countries could introduce obligations on EU service providers which are not consistent with EU fundamental rights, including the high level of data protection ensured by the EU acquis. |
4.2. |
The proposal deals with this issue by putting forward a measure that contains strong safeguards and explicit references to the conditions and safeguards already inherent in the EU acquis. The EESC shares the Commission’s view that this could serve as a model for third countries’ legislation. |
4.3. |
The EESC also supports the proposal’s suggested inclusion of a specific ‘conflicts of obligations’ clause that allows service providers to identify and raise conflicting obligations they face, triggering a judicial review. This clause should ensure respect for two types of law: general blocking statutes, such as for example the U.S. Electronic Communications Privacy Act (ECPA), which prohibits disclosure in relation to content data within its geographic scope except in limited circumstances, and laws that do not generally prohibit disclosure but may do so in individual cases. |
4.4. |
The EESC, like the Commission, is of the view that international agreements with other key partners may further reduce conflicts-of-law situations. This would be the best way to avoid conflicts. |
5. Directive on the appointment of legal representatives
5.1. |
The Commission proposal on European Production and Preservation Orders is to be completed by means of a Directive laying down uniform rules on the appointment of legal representatives in criminal proceedings (COM(2018) 226). There are currently varying approaches across Member States when it comes to obligations imposed on service providers. This fragmentation is particularly evident in relation to electronic evidence. This creates legal uncertainty for those involved and can put service providers under different and sometimes conflicting obligations and sanctioning regimes in this regard, depending on whether they provide their services nationally, cross-border within the Union, or from outside the Union. |
5.2. |
The Commission’s proposed Directive makes it mandatory for service providers to designate a legal representative in the Union to receive, comply with and enforce decisions aimed at gathering evidence by competent national authorities in criminal proceedings. |
5.3. |
In the EESC’s view, these rules would ensure a better functioning of the internal market in a way which is in line with the development of a common area of freedom, security and justice. The obligation for all service providers that are operating in the Union to designate a legal representative would ensure that there is always a clear addressee for investigative measures. This would in turn make it easier for service providers to comply with those orders, as the legal representative would be responsible for receiving, complying with and enforcing those orders on behalf of the service provider. |
Brussels, 12 July 2018.
The President of the European Economic and Social Committee
Luca JAHIER
(1) Conclusions of the Council of the European Union of 9 June 2016 on improving criminal justice in cyberspace, ST9579/16.
(2) P8_TA(2017)0366.
(3) Directive 2014/41/EU of the European Parliament and of the Council of 3 April 2014 regarding the European Investigation Order in criminal matters (OJ L 130, 1.5.2014, p. 1).
(4) Council Act of 29 May 2000 establishing in accordance with Article 34 of the Treaty on European Union the Convention on Mutual Assistance in Criminal Matters between the Member States of the European Union.
(5) Council Decision 2002/187/JHA of 28 February 2002 setting up Eurojust with a view to reinforcing the fight against serious crime.
(6) Regulation (EU) 2016/794 of the European Parliament and of the Council of 11 May 2016 on the European Union Agency for Law Enforcement Cooperation (Europol).
(7) Council Framework Decision 2002/465/JHA of 13 June 2002.